Re: [389-users] Limiting access to specific hosts.


 



Hi,


I would specify an aci for that user with something like this:

aci:(targetattr = "*")(target = "ldap:///ou=Restricted,o=tupperware,c=US")(version 3.0; acl "Restricted Read Access"; allow (read,search,compare) (userdn = "ldap:///uid=someone,ou=users,o=tupperware,c=US") and (ip="192.168.1.*" or ip="10.2.3.4" or ip="10.2.3.5" or ip="10.2.3.6") ;)

It doesn't really prevent the uid=someone from logging in but the user won't be able to read any attributes from the target tree unless accessing from those IP addresses.

Maybe not really what you are after but just a suggestion.


Cheers,
Bazza

On 08/07/2010, at 5:48 AM, Fairchild, Anthony wrote:

Hello,
 
I have gotten 389 directory up and running and am beginning to add users, but would like to know how to restrict a user to only logging in to a specific host or a group of hosts. Could anybody point me to some documentation on this? I don't seem to be having much luck finding it through Google.
 
--
Anthony
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
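
Added example, not part of the original thread and not 389 Directory Server code: a small Python audit helper that parses the ACI quoted in the reply and shows which bind DN, client address and right combinations it would allow. It is a simplified model that assumes no other ACI grants access to the subtree, compares DNs by lowercased string only, and handles only exact and "*" wildcard ip patterns; the function names and sample client addresses are constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

# The ACI from the reply above, copied verbatim without the "aci:" prefix.
ACI = ('(targetattr = "*")(target = "ldap:///ou=Restricted,o=tupperware,c=US")'
       '(version 3.0; acl "Restricted Read Access"; allow (read,search,compare) '
       '(userdn = "ldap:///uid=someone,ou=users,o=tupperware,c=US") and '
       '(ip="192.168.1.*" or ip="10.2.3.4" or ip="10.2.3.5" or ip="10.2.3.6") ;)')

USER = "uid=someone,ou=users,o=tupperware,c=US"
ENTRY = "cn=report,ou=Restricted,o=tupperware,c=US"  # constructed sample entry


def parse_aci(aci):
    """Extract target subtree, granted rights, bind DN and ip patterns."""
    target = re.search(r'\(target\s*=\s*"ldap:///([^"]+)"\)', aci).group(1)
    rights = re.search(r'allow\s*\(([^)]*)\)', aci).group(1)
    userdn = re.search(r'userdn\s*=\s*"ldap:///([^"]+)"', aci).group(1)
    ips = re.findall(r'\bip\s*=\s*"([^"]+)"', aci)
    return {"target": target.lower(),
            "rights": {r.strip() for r in rights.split(",")},
            "userdn": userdn.lower(),
            "ips": ips}


def allows(aci, bind_dn, client_ip, entry_dn, right):
    """Simplified model: True if this single ACI grants `right` on `entry_dn`.

    Anything not explicitly allowed is treated as denied.
    """
    p = parse_aci(aci)
    entry = entry_dn.lower()
    in_target = entry == p["target"] or entry.endswith("," + p["target"])
    ip_ok = any(fnmatchcase(client_ip, pat) for pat in p["ips"])
    return (in_target and right in p["rights"]
            and bind_dn.lower() == p["userdn"] and ip_ok)


if __name__ == "__main__":
    # Constructed client addresses: two inside the rule, two outside it.
    for ip in ("192.168.1.77", "10.2.3.4", "10.2.3.7", "192.168.10.5"):
        verdict = "allow" if allows(ACI, USER, ip, ENTRY, "read") else "deny"
        print(f"{ip:15} read {ENTRY}: {verdict}")
```

The bind itself is not modelled because, as the reply says, the ACI does not stop uid=someone from authenticating; it only controls what that user can read afterwards.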



